derp: set NotBefore and NotAfter in DERP server's metacert

Fixes regression from e415991256 that only affected Windows users because Go only on Windows delegates x509 cert validation to the OS and Windows as unhappy with our "metacert" lacking NotBefore and NotAfter. Fixes #705
2025-08-20 01:47:33 +00:00 · 2020-08-24 14:55:26 -07:00
parent a903d6c2ed
commit 169ff22a84
1 changed files with 3 additions and 0 deletions
--- a/derp/derp_server.go
+++ b/derp/derp_server.go
@@ -306,6 +306,9 @@ func (s *Server) initMetacert() {
 		Subject: pkix.Name{
 			CommonName: fmt.Sprintf("derpkey%x", s.publicKey[:]),
 		},
+		// Windows requires NotAfter and NotBefore set:
+		NotAfter:  time.Now().Add(30 * 24 * time.Hour),
+		NotBefore: time.Now().Add(-30 * 24 * time.Hour),
 	}
 	cert, err := x509.CreateCertificate(crand.Reader, tmpl, tmpl, pub, priv)
 	if err != nil {